CVE vulnerabilities
32,772 CVEs indexed — newest first. Filter by CVSS severity or CISA KEV listing; KEV-flagged entries surface a rose pill. Authored by Adam Lundqvist.
Showing 6,351–6,400 of 8,314 in Critical · page 128 of 167
| ID | CVSS | Summary |
|---|---|---|
| CVE-2025-2951 | 9.8 | A vulnerability classified as critical has been found in Bluestar Micro Mall 1.0. Affected is an unknown function of the file /api/data.php. The manipulation o… |
| CVE-2025-2947 | 9.8 | IBM i 7.6 contains a privilege escalation vulnerability due to incorrect profile swapping in an OS command. A malicious actor can use the command to elevate… |
| CVE-2025-29462 | 9.8 | A buffer overflow vulnerability has been discovered in Tenda Ac15 V15.13.07.13. The vulnerability occurs when the webCgiGetUploadFile function calls the socket… |
| CVE-2025-29411 | 9.8 | An arbitrary file upload vulnerability in the Client Profile Update section of Mart Developers iBanking v2.0.0 allows attackers to execute arbitrary code via u… |
| CVE-2025-2941 | 9.8 | The Drag and Drop Multiple File Upload for WooCommerce plugin for WordPress is vulnerable to arbitrary file moving due to insufficient file path validation via… |
| CVE-2025-29401 | 9.8 | An arbitrary file upload vulnerability in the component /views/plugin.php of emlog pro v2.5.7 allows attackers to execute arbitrary code via uploading a crafte… |
| CVE-2025-29386 | 9.8 | In Tenda AC9 v1.0 V15.03.05.14_multi, the mac parameter of /goform/AdvSetMacMtuWan has a stack overflow vulnerability, which can lead to remote arbitrary code … |
| CVE-2025-29385 | 9.8 | In Tenda AC9 v1.0 V15.03.05.14_multi, the cloneType parameter of /goform/AdvSetMacMtuWan has a stack overflow vulnerability, which can lead to remote arbitrary… |
| CVE-2025-29384 | 9.8 | In Tenda AC9 v1.0 V15.03.05.14_multi, the wanMTU parameter of /goform/AdvSetMacMtuWan has a stack overflow vulnerability, which can lead to remote arbitrary co… |
| CVE-2025-29369 | 9.8 | Code-Projects Matrimonial Site V1.0 is vulnerable to SQL Injection in /view_profile.php?id=1. |
| CVE-2025-29366 | 9.8 | In mupen64plus v2.6.0 there is an array overflow vulnerability in the write_rdram_regs and write_rdram_regs functions, which enables executing arbitrary comman… |
| CVE-2025-29365 | 9.8 | spimsimulator spim v9.1.24 and before is vulnerable to Buffer Overflow in READ_STRING_SYSCALL. |
| CVE-2025-29331 | 9.8 | An issue in MHSanaei 3x-ui before v.2.5.3 and before allows a remote attacker to execute arbitrary code via the management script x-ui passes the no check cert… |
| CVE-2025-29329 | 9.8 | Buffer Overflow in the ippprint (Internet Printing Protocol) service in Sagemcom F@st 3686 MAGYAR_4.121.0 allows remote attacker to execute arbitrary code by s… |
| CVE-2025-29315 | 9.8 | An issue in the Shiro-based RBAC (Role-based Access Control) mechanism of OpenDaylight Service Function Chaining (SFC) Subproject SFC Sodium-SR4 and below allo… |
| CVE-2025-29312 | 9.1 | An issue in onos v2.7.0 allows attackers to trigger unexpected behavior within a device connected to a legacy switch via changing the link type from indirect t… |
| CVE-2025-29310 | 9.8 | An issue in onos v2.7.0 allows attackers to trigger a packet deserialization problem when supplying a crafted LLDP packet. This vulnerability allows attackers … |
| CVE-2025-29306 | 9.8 | An issue in FoxCMS v.1.2.5 allows a remote attacker to execute arbitrary code via the case display page in the index.html component. |
| CVE-2025-29287 | 9.8 | An arbitrary file upload vulnerability in the ueditor component of MCMS v5.4.3 allows attackers to execute arbitrary code via uploading a crafted file. |
| CVE-2025-29270 | 10.0 | Incorrect access control in the realtime.cgi endpoint of Deep Sea Electronics devices DSE855 v1.1.0 to v1.1.26 allows attackers to gain access to the admin pan… |
| CVE-2025-2927 | 9.8 | A vulnerability was found in ESAFENET CDG 5.6.3.154.205. It has been classified as critical. Affected is an unknown function of the file /parameter/getFileType… |
| CVE-2025-29269 | 9.8 | ALLNET ALL-RUT22GW v3.3.8 was discovered to contain an OS command injection vulnerability via the command parameter in the popen.cgi endpoint. |
| CVE-2025-29268 | 9.8 | ALLNET ALL-RUT22GW v3.3.8 was discovered to store hardcoded credentials in the libicos.so library. |
| CVE-2025-29266 | 9.6 | Unraid 7.0.0 before 7.0.1 allows remote users to access the Unraid WebGUI and web console as root without authentication if a container is running in Host netw… |
| CVE-2025-29229 | 9.8 | Linksys E5600 V1.1.0.26 is vulnerable to command injection in the function ddnsStatus. |
| CVE-2025-29228 | 9.8 | Linksys E5600 V1.1.0.26 is vulnerable to command injection in the runtime.macClone function via the mc.ip parameter. |
| CVE-2025-29209 | 9.8 | TOTOLINK X18 v9.1.0cu.2024_B20220329 has an unauthorized arbitrary command execution in the enable parameter of the sub_41105C function of cstecgi.cgi. |
| CVE-2025-29165 | 9.8 | An issue in D-Link DIR-1253 MESH V1.6.1684 allows an attacker to escalate privileges via the etc/shadow.sample component |
| CVE-2025-29137 | 9.8 | Tenda AC7 V1.0 V15.03.06.44 found a buffer overflow caused by the timeZone parameter in the form_fast_setting_wifi_set function, which can cause RCE. |
| CVE-2025-29135 | 9.8 | A stack-based buffer overflow vulnerability in Tenda AC7 V15.03.06.44 allows a remote attacker to execute arbitrary code through a stack overflow attack using … |
| CVE-2025-29100 | 9.8 | Tenda AC8 V16.03.34.06 is vulnerable to Buffer Overflow in the fromSetRouteStatic function via the parameter list. |
| CVE-2025-29085 | 9.8 | SQL injection vulnerability in vipshop Saturn v.3.5.1 and before allows a remote attacker to execute arbitrary code via /console/dashboard/executorCount?zkClus… |
| CVE-2025-2907 | 9.8 | The Order Delivery Date WordPress plugin before 12.3.1 does not have authorization and CSRF checks when importing settings. Furthermore it also lacks proper ch… |
| CVE-2025-29064 | 9.8 | An issue in TOTOLINK x18 v.9.1.0cu.2024_B20220329 allows a remote attacker to execute arbitrary code via the sub_410E54 function of the cstecgi.cgi. |
| CVE-2025-29063 | 9.8 | An issue in BL-AC2100 V1.0.4 and before allows a remote attacker to execute arbitrary code via the enable parameter passed to /goform/set_hidessid_cfg is not h… |
| CVE-2025-29062 | 9.8 | An issue in BL-AC2100 <=V1.0.4 allows a remote attacker to execute arbitrary code via the time1 and time2 parameters in the set_LimitClient_cfg of the goahead … |
| CVE-2025-29058 | 9.8 | An issue in Qimou CMS v.3.34.0 allows a remote attacker to execute arbitrary code via the upgrade.php component. |
| CVE-2025-2905 | 9.1 | Due to the improper configuration of XML parser, user-supplied XML is parsed without applying sufficient restrictions, enabling XML External Entity (XXE) resol… |
| CVE-2025-29047 | 9.8 | Buffer Overflow vulnerability in ALFA WiFi CampPro router ALFA_CAMPRO-co-2.29 allows a remote attacker to execute arbitrary code via the hiddenIndex in the func… |
| CVE-2025-29046 | 9.8 | Buffer Overflow vulnerability in ALFA WiFi CampPro router ALFA_CAMPRO-co-2.29 allows a remote attacker to execute arbitrary code via the GAPSMinute3 key value |
| CVE-2025-29045 | 9.8 | Buffer Overflow vulnerability in ALFA_CAMPRO-co-2.29 allows a remote attacker to execute arbitrary code via the newap_text_0 key value |
| CVE-2025-29044 | 9.8 | Buffer Overflow vulnerability in Netgear- R61 router V1.0.1.28 allows a remote attacker to execute arbitrary code via the QUERY_STRING key value |
| CVE-2025-29043 | 9.8 | An issue in dlink DIR 832x 240802 allows a remote attacker to execute arbitrary code via the function 0x417234 |
| CVE-2025-29042 | 9.8 | An issue in dlink DIR 832x 240802 allows a remote attacker to execute arbitrary code via the macaddr key value to the function 0x42232c |
| CVE-2025-29041 | 9.8 | An issue in dlink DIR 823x 240802 allows a remote attacker to execute arbitrary code via the target_addr key value and the function 0x41710c |
| CVE-2025-29040 | 9.8 | An issue in dlink DIR 823x 240802 allows a remote attacker to execute arbitrary code via the target_addr key value and the function 0x41737c |
| CVE-2025-29031 | 9.8 | Tenda AC6 v15.03.05.16 was discovered to contain a buffer overflow via the fromAddressNat function. |
| CVE-2025-29030 | 9.8 | Tenda AC6 v15.03.05.16 was discovered to contain a buffer overflow via the formWifiWpsOOB function. |
| CVE-2025-29029 | 9.8 | Tenda AC6 v15.03.05.16 was discovered to contain a buffer overflow via the formSetSpeedWan function. |
| CVE-2025-29009 | 10.0 | Unrestricted Upload of File with Dangerous Type vulnerability in Webkul Medical Prescription Attachment Plugin for WooCommerce medical-prescription-attachment-… |